Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
RH2
New Contributor II

5.0.5 is broken

updated my virtual fortimanager to version 5.0.5 and when I tried to push and address change to 27 sites that all use the same policy package and only two showed the change being applied. all the others showed " no commands to install"
7 REPLIES 7
HA
Contributor

Hello, One of my customer manage 23 Fortigate (all running MR3P12) using FM MR3P7. But we face some problems (traffic shaping cannot be applied to policy, etc) with this release. 5.0.5 is currently under testing in a lab environment (with a FBT200B running the same release). No problem for the moment... Which version are you running on the FGT ?? Which model of firewall ? Regards, HA
RH2
New Contributor II

v5.0.5 on the manager and on the 100D fortigate HA pairs.
HA
Contributor

Hello, The problem is coming from the package version in the Fortimanager. If the package release is version 5 and you try to push the policy to a device running release 4.x (example MR3P15), you receive this error message : no commands to install I test it in my lab. So you need two packages, one for release 4.x and one for 5.x and push the package to the FGT matching the version. PS: You must be enabled ADOM. Regards, HA
RH2
New Contributor II

sorry HA but that' s not it. I know about the package version. All of our fortigates are version 5.0.5 and were upgraded before the manager was. The problem is that I updated on address and when I attempted to deploy the change only two HA pairs showed the new address change. All the rest of them showed NO CHANGES necessary. They all use the same policy package and they all are the same model. The one 3240c pair is the only one that uses a different policy package.
HA
Contributor

Hello, Do you try to remove the FGT from FM and add it again ? Regards, HA
brianmac64
New Contributor

I am having problems with 5.0.5 as well. Does not seem to be ready for production.
moo?
moo?
Sean_Toomey_FTNT

Hi RH, Sorry to hear about your issue. I' ve not seen this one personally, I' ve been a heavy user of FMGR for a few years now. I would first recommend that you update FortiManager to the latest version and recheck this function. If that doesn' t work for you, please backup the configuration and open a TAC case so we can get this working for you. The only time I' ve seen something like what you' re describing is if one policy push doesn' t work for a couple of FGTs and they come back in error status, then next time you push, the ones that already received the change would say " no changes needed" whereas the ones that had errored before would have the changes. Out of interest, when this happened did you verify manually that the config change wasn' t there locally on one of the FGT' s that said No changes needed? Hope this helps Cheers!
-- Sean Toomey, CISSP FCNSP Consulting Security Engineer (CSE) FORTINET— High Performance Network Security
Labels
Top Kudoed Authors